package com.bkhech.boot.autoconfigure.security;

import com.bkhech.boot.configure.security.config.SecurityProperties;
import com.bkhech.boot.configure.security.core.api.auth.LoginUserApi;
import com.bkhech.boot.configure.security.core.api.permission.PermissionApi;
import com.bkhech.boot.configure.security.core.authority.SecurityFrameworkService;
import com.bkhech.boot.configure.security.core.authority.SecurityFrameworkServiceImpl;
import com.bkhech.boot.configure.security.core.context.TransmittableThreadLocalSecurityContextStrategy;
import com.bkhech.boot.configure.security.core.filter.TokenAuthenticationFilter;
import com.bkhech.boot.configure.security.core.handler.CustomizeAccessDeniedHandlerImpl;
import com.bkhech.boot.configure.security.core.handler.CustomizeAuthenticationEntryPointImpl;
import com.bkhech.boot.configure.security.core.handler.CustomizeAuthenticationSuccessHandler;
import lombok.RequiredArgsConstructor;
import org.springframework.beans.factory.config.MethodInvokingFactoryBean;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.AuthenticationEntryPointFailureHandler;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

/**
 * @author guowm
 * @date 2023/2/7
 */
@RequiredArgsConstructor
@AutoConfiguration
@EnableConfigurationProperties(SecurityProperties.class)
public class SecurityConfigAutoConfiguration {

    private final SecurityProperties securityProperties;
    private final LoginUserApi loginUserApi;
    private final PermissionApi permissionApi;

    /**
     * Spring Security 加密器
     * 考虑到安全性，这里采用 BCryptPasswordEncoder 加密器
     *
     * @see <a href="http://stackabuse.com/password-encoding-with-spring-security/">Password Encoding with Spring Security</a>
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * 认证失败处理类 Bean
     */
    @Bean
    public AuthenticationEntryPoint authenticationEntryPoint() {
        return new CustomizeAuthenticationEntryPointImpl();
    }

    /**
     * 权限不够处理器 Bean
     */
    @Bean
    public AccessDeniedHandler accessDeniedHandler() {
        return new CustomizeAccessDeniedHandlerImpl();
    }

    @Bean
    public AuthenticationSuccessHandler authenticationSuccessHandler() {
        return new CustomizeAuthenticationSuccessHandler();
    }

    @Bean
    public AuthenticationFailureHandler authenticationFailureHandler() {
        return new AuthenticationEntryPointFailureHandler(authenticationEntryPoint());
    }

    @Bean
    public TokenAuthenticationFilter authenticationFilter() {
        return new TokenAuthenticationFilter(securityProperties, loginUserApi);
    }

    /**
     * 使用 Spring Security 的缩写，方便使用
     * 自定义权限框架别名
     */
    @Bean("ss")
    public SecurityFrameworkService securityFrameworkService() {
        return new SecurityFrameworkServiceImpl(permissionApi);
    }

    /**
     * 声明调用 {@link SecurityContextHolder#setStrategyName(String)} 方法，
     * 设置使用 {@link TransmittableThreadLocalSecurityContextStrategy} 作为 Security 的上下文策略
     *
     * @return
     */
    @Bean
    public MethodInvokingFactoryBean securityContextHolderMethodInvokingFactoryBean() {
        MethodInvokingFactoryBean methodInvokingFactoryBean = new MethodInvokingFactoryBean();
        methodInvokingFactoryBean.setTargetClass(SecurityContextHolder.class);
        methodInvokingFactoryBean.setTargetMethod("setStrategyName");
        methodInvokingFactoryBean.setArguments(TransmittableThreadLocalSecurityContextStrategy.class.getName());
        return methodInvokingFactoryBean;
    }

}
